Mozilla Foundation Security Advisory 2005-01

Link opened in new tab can load a local file

Announced

January 21, 2005

Reporter

Jesse Ruderman

Impact

Low

Products

Firefox, Mozilla Suite

Fixed in

Firefox 1

Mozilla Suite 1.7.5

Description

Links with a custom getter and toString method can bypass checks intended to
prevent web content from linking to local files and "chrome" URIs if the user
can be convinced to middle-click (or control-click) to open it in a new tab.
The browser's "same-origin" policy prevents the attacker's content from taking
advantage of this flaw to read the local file or manipulate privileged chrome.